[<prev] [next>] [day] [month] [year] [list]
Message-ID: <915479e00cbcbb2f13a01301198f9aec.squirrel@www.secniche.org>
Date: Thu, 25 Nov 2010 12:48:43 -0500
From: 0kn0ck@...niche.org
To: bugtraq@...urityfocus.com
Subject: CVE-2010-2408 | Persistent Log Out Redirection Vulnerability in
Oracle I-Recruitment OA.jsp
Advisory: Persistent Log Out Redirection Vulnerability in Oracle
I-Recruitment OA.jsp
CVE-2010-2408
Version Affected - 11.5.10.2, 12.0.6, 12.1.3
About: Oracle I-Recruitment Suite
Oracle iRecruitment is a web based full-cycle recruiting solution that
gives managers, recruiters and candidates the ability to manage every
phase of finding, recruiting, hiring, and tracking new employees. It is a
part of Oracle E-business suite.
Discussion:
The Oracle I-Recruitment suite possesses web URL redirection vulnerability
in OA.jsp web page. It is possible to redirect a user to malicious domain
after logging out of the application. The vulnerable parameter is
p_home_url. When a value is passed to this parameter, it becomes
persistent in nature and remains active until the session is expired.
The vulnerable Link:
https://www.example.com/OA_HTML/OA.jsp?_rc=IRC_VIS_HOME_PAGE&_ri=800&p_home_url=http://www.attacker.com
An attacker can construct a URL in this way and forces user to redirect to
the malicious link after logging out of the application.This type of
vulnerability can be exploited by malicious attackers to launch phishing
attacks etc
The vulnerability exploitation video can be seen at SecNiche Security
channel : http://www.youtube.com/watch?v=0lBHeqNBljU
Disclosure:
The vulnerability was disclosed to Oracle in January 2009 and is patched
in October 2010 CPU release.
Credit:
Aditya K Sood of SecNiche Security
Contact:
adi_ks [at] secniche.org
Disclaimer
The information in the advisory is believed to be accurate at the time of
publishing based on currently available information. Use of the
information constitutes acceptance for use in an AS IS condition. There is
no representation or warranties, either express or implied by or with
respect to anything.
Powered by blists - more mailing lists